Bracket Madness of a Different Sort: Firm Scores University Breaches
By John P. Mello Jr.
For millions of Americans, March means brackets—the kind found in the NCAA men’s basketball tournament—but for the threat watchers at Application Security’s TeamShatter, it means brackets of a different kind: breach brackets.
In the spirit of “March Madness,” the security firm puts together its brackets for colleges that lost the most data due to breaches in the previous year.
Ironically, the school that stood alone at the top of TeamShatter’s breach brackets fielded last year’s Cinderella team in the real NCAA basketball tournament: Virginia Commonwealth, which went from a 11th seed to the Final Four.
In 2011, TeamShatter said, VCU suffered the largest data breach of any U.S. institution of higher learning when hackers, on November 11, compromised 176,567 records containing personal information about current and former VCU and VCU Health System faculty, staff, students and affiliates.
The data breaches at the other members of the “Final Four” didn’t even come close to VCU. Wisconsin Milwaukee, which VCU beat out for the title, had a 79,000 record breach; Yale, 43,000 records; and South Carolina, 31,000 records.
According to TeamShatter, VCU was the 21st school of higher learning to suffer a breach of more than 100,000 records since 2005. Throughout the years, the winners of the threat firm’s exercise in bracketology have included some basketball powerhouses, such as Ohio State (2010), North Carolina (2009) and UCLA (2006).
The good news for universities is that the number of data breaches for the year, 48, and the number of records compromised, 478,490, is the lowest it has been since 2005. And while VCU may have been top dog in 2011, its data breach didn’t even make the threat company’s top 10 list.
As encouraging as the breach numbers from 2011 were, one year does not make a trend. In fact, early signs for 2012 indicate 2011 may have been an anomaly in this data set, with Arizona State, which saw 300,000 records compromised in January, already reporting what would be the fourth highest breach since 2005.